I'll give you the full low-down, I'm mid 20s, from the UK. I have already done a science degree (to Masters level) and I've been unsuccessful in getting a job due to the current market for that job role and that part of the country. So i want to go back to a passion I've had for years, which is in IT security. However, I have minimal qualifications (from school) for IT, but I have natural and self taught talent which exceeds even that of some people in university. I have a cousin who has an Honours in Computer Networking, and he said I would have walked his degree. However, I have nothing on paper to back anything up. My only hope is to start doing loads of certificates, likes CEH, ECSA, SANS,etc. I am willing to do whatever ones it takes. However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to?

If you were asking if you could land an IT security job without a degree - absolutely! Both don and I have done so. Sometimes it may be more difficult, and will require you to be able to speak well (communicate,) earn some certs (and continue to grow and expand upon them,) and gain as much experience where and when you can. Additionally, network with folks, get active in IT security communities, and start getting to know people in the industry.

It's not always easy, and there are days I wish I'd had a degree to help me out with the headhunters, but at the end of the day, I'm doing very well for myself, considering the lack of any degree.

Keep driving for what you want. I can't speak for what you'll be able to earn (or not) in the UK, but I can tell you I'm doing just fine as the sole 'bread winner' in my home, with a wife and 4 kids, so it's definitely achievable.

Good luck, and let us know how you do, going forward!

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

You may want to also consider going for a systems or networking position and not trying to go straight into security. You'll have an easier time getting an IT job with little experience than you will an infosec position. Also, make sure your certifications compliment your experience. It may be advantageous to start with something more general, like the CCNA, instead of loading up on professional-level infosec certs.

Well you mentioned you had a science degree. So you do have A degree. Which always looks better than no degree at all. A friend of mine had a Pych degree and was a high level engineer at the consulting firm we were at. Now he runs his own firm.

Best thing you can do is work towards some experience in IT in general and possible go for something like Security+ or CEH to back you knowledge up.

Also, like Hayabusa mentioned, get involved with the community. The more you network the better.

Jamie.R wrote:I would say if you have money try go for the CREST/Tiger Team member exam if you can get that most companies will take you on as junior you be expecting to get 20-25k depending on the company.

If you need any more advice feel free to drop me a PM anytime I am in the UK and fell your pain as I have been where you are.

Thats seems interesting, do you have a link for a course/exams for that?

pharmerjoe wrote:I'll give you the full low-down, I'm mid 20s, from the UK. I have already done a science degree (to Masters level) and I've been unsuccessful in getting a job due to the current market for that job role and that part of the country.

It's nice to hear you've already done a science degree, but it's sad to hear you've been unsuccessful, have you had any IT-jobs at all? I'm wondering if you're aiming too high, but getting a junior position within pentesting shouldn't be impossible

pharmerjoe wrote:So i want to go back to a passion I've had for years, which is in IT security. However, I have minimal qualifications (from school) for IT, but I have natural and self taught talent which exceeds even that of some people in university.

What are these self-taught talents? Do you have any blogs? Websites? Created any videos, tools, whitepapers, etc.? (My point is, without experience, and perhaps no certifications within infosec at all, having these other things may contribute to getting a job.)

pharmerjoe wrote:I have a cousin who has an Honours in Computer Networking, and he said I would have walked his degree. However, I have nothing on paper to back anything up. My only hope is to start doing loads of certificates, likes CEH, ECSA, SANS,etc.

About the loads of certificates, if you want to learn something useful, avoid CEH and ECSA. Some SANS training is okay, but I haven't heard anyone say it's "hard", as in you actually find it challenging, compared to other training providers. GIAC are by the way, the certification provider that is related to SANS.

So you should focus on other certifications, from e.g., Hacking Dojo, Offensive Security or eLearnSecurity for starters, as you'll gain a lot more practical knowledge that you can use. Offensive Security certifications, even has quite a lot of value in the UK. (OSCP in particular.)

[quote author=pharmerjoe link=topic=8531.msg46884#msg46884 I am willing to do whatever ones it takes. However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to? [/quote]

Whatever it takes, if you want to be one of the best, say goodbye to playing computer games (if you do that a lot) and other things that takes up a lot of your time. Then say hello to reading books about hacking (there's many good ones), papers, presentations (from e.g., Defcon.org and BlackHat.com), learning programming languages if you don't know any (like C or C++), or scripting languages like Python, or perhaps PHP if you're focusing on Web Application Security.

Instead of MSN, Skype, or whatever you use, say hello to IRC if you're not already there, where you might use hours discussing various infosec topics, for fun, or just random things in life.

That is some of what it takes, if you're going to be serious In some point of my life, when I was working with IT-support, I was also using my own server outside work to find 0days in web applications, in the small breaks I had between calls when there was nothing to do. (I really enjoyed looking for 0days at that time (still do), even in small apps that hardly anyone use.)

[quote author=pharmerjoe link=topic=8531.msg46884#msg46884 However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to? [/quote]

If you're good, and you can prove it during an interview (the technical part), then experience and education may not matter that much, if you pass the technical part without any problems. We're of course talking about junior positions which you should be focusing on.

The salary, there's a website for that. When you step up from junior, and onward to senior, the salary can climb really high. If you're going into information security, salary shouldn't be your primary, second or third concern, it should be to get a foot inside, and get paid enough to live okay (It isn't a bad pay juniors get either.)

Living in the UK gives you a nice advantage over living in many other countries, as there's quite a lot of pentesting jobs there, compared to e.g., Denmark, where the role "junior penetration tester", doesn't exist. (In fact, penetration testing hardly exists as a single job, it's often melted into consulting instead, which requires many years of experience, certifications, education, etc.)